vaultwarden added oauth

vaultwarden-system/vaultwarden.yaml

@@ -10,7 +10,6 @@ metadata:
   labels:
     app.kubernetes.io/instance: vaultwarden
     app.kubernetes.io/name: vaultwarden
-    app.kubernetes.io/version: 1.34.3
   name: vaultwarden
   namespace: vaultwarden-system
 spec:
@@ -26,11 +25,10 @@ spec:
       labels:
         app.kubernetes.io/instance: vaultwarden
         app.kubernetes.io/name: vaultwarden
-        app.kubernetes.io/version: 1.34.3
     spec:
       containers:
       - name: vaultwarden
-        image: vaultwarden/server:1.34.3
+        image: vaultwarden/server:1.35.0
         imagePullPolicy: IfNotPresent
         env:
         - name: TZ
@@ -77,6 +75,30 @@ spec:
               key: from-address
         - name: SMTP_FROM_NAME
           value: Vaultwarden
+        - name: SSO_ENABLED
+          value: "true"
+        - name: SSO_AUTHORITY
+          value: "https://authentik.dooplex.hu/application/o/vaultwarden/"
+        - name: SSO_CLIENT_ID
+          valueFrom:
+            secretKeyRef:
+              name: vaultwarden-oauth
+              key: client-id
+        - name: SSO_CLIENT_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: vaultwarden-oauth
+              key: client-secret
+        - name: SSO_SCOPES
+          value: "openid email profile offline_access"
+        - name: SSO_ALLOW_UNKNOWN_EMAIL_VERIFICATION
+          value: "false"
+        - name: SSO_CLIENT_CACHE_EXPIRATION
+          value: "0"
+        - name: SSO_ONLY
+          value: "false"  # Set to true to disable email+password login
+        - name: SSO_SIGNUPS_MATCH_EMAIL
+          value: "true"
         ports:
         - containerPort: 80
           name: http
@@ -118,7 +140,6 @@ metadata:
   labels:
     app.kubernetes.io/instance: vaultwarden
     app.kubernetes.io/name: vaultwarden
-    app.kubernetes.io/version: 1.34.3
   name: vaultwarden
   namespace: vaultwarden-system
 spec: